ET HUNTING Dotted Quad Host Workzueg HTTP Server String Response

SID: 2063017Rev: 14 viewsHistory

Sourceet/open

CreatedJune 16, 2025

UpdatedJune 16, 2025

Classificationtrojan-activity

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Dotted Quad Host Workzueg HTTP Server String Response"; flow:established,to_client; flowbits:isset,http.dottedquadhost; http.stat_code; content:"200"; http.server; content:"werkzueg|2f|"; nocase; fast_pattern; reference:url,pypi.org/project/Werkzeug/; classtype:trojan-activity; sid:2063017; rev:1; metadata:affected_product Any, attack_target Client_and_Server, tls_state plaintext, created_at 2025_06_16, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2025_06_16, mitre_tactic_id TA0011, mitre_tactic_name Command_And_Control, mitre_technique_id T1102, mitre_technique_name Web_Service; target:dest_ip;)

References

url	pypi.org/project/Werkzeug/

Metadata

affected productAny

attack targetClient_and_Server

tls stateplaintext

created at2025_06_16

deploymentPerimeter

confidenceMedium

signature severityMajor

updated at2025_06_16

mitre tactic idTA0011

mitre tactic nameCommand_And_Control

mitre technique idT1102

mitre technique nameWeb_Service

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!